Re: CA Server YES or NO



Third party is preferred. It makes it easier when your devices connect if
they don't have to worry about the trust chain, and it's easier for you if
you don't have to have yet another server on the internet to secure (the CA
or at least an RA so that the clients can verify the cert, you can manage the
certs, etc.).

Other than that, I assume you know what you're doing and have elected not to
use ISA or some other layer-7 firewall device.

Best of luck.


"Lion" <Lion@xxxxxxxxxx> wrote in message
news:%233abN2z8FHA.1148@xxxxxxxxxxxxxxxxxxxxxxx
> Just to give you a little bit more of the background, I'm installing an FE
> server for OWA and mobile devices into my DMZ and I'm not using ISA. All
> I'm looking for is the best way of securing it. So my thoughts were to
> use SSL to secure traffic between the FE and the clients and to use IPsec to
> secure traffic between the FE and BE server.
>
> All I need to know is, should I set up a CA of my own or use third-party
> certificates?
>
> "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
> news:OHI62Cq8FHA.3240@xxxxxxxxxxxxxxxxxxxxxxx
>> Let me see if I correctly understand what you're asking:
>> You need a certificate to enable SSL communications for your FE server
>> which is currently in a DMZ?
>>
>> If that's the case, get one from a trusted third party resource. Shop it
>> around, and you may find some significant price differences.
>>
>> Why get it from a third party? Because you seem to have some knowledge
>> of what a PKI is used for, but don't seem to have a lot of time to get
>> really deep in the nuances. Most don't (me included) nor should they.
>> Setting up a PKI is no trivial task, although it can seem to be when you
>> first start down that road. That, and it adds a level of complexity to
>> your workload that's likely not necessary, indicating that it would be
>> cheaper and more reliable to purchase the needed items likely at a lower
>> overall cost savings.
>>
>> My thoughts from reading this anyway. If that's not what you were after,
>> by all means please correct me.
>>
>>
>> "Lion" <Lion@xxxxxxxxxx> wrote in message
>> news:e6k2vKo8FHA.3976@xxxxxxxxxxxxxxxxxxxxxxx
>>> I need your recommendation. I don't have a CA server in my company at the
>>> moment. I need it just for the FE (OWA) server because I'm using a DMZ
>>> scenario.
>>>
>>> Should I set one up or should I go get what I need from VeriSign?
>>>
>>> What's the difference, from the security point of view, between mine and
>>> the one from VeriSign?
>>>
>>> If I was to set one up, where do I need to place it to issue certificates
>>> to my FE in the DMZ?
>>>
>>> Thanks
>>>
>>
>>
>
>

